Overview

Proxies in Mission Control support connecting JFrog services to each other and to the Internet. From Mission Control 3.2, you configure a proxy on the Site level instead of configuring a proxy for each service. All the services in a site automatically inherit the proxy settings for that site, removing the need to configure a proxy for each service.

Assigning a Site to Mission Control is Mandatory

Mission Control needs to be associated with a site in order to leverage the automatic proxy selection. A default Site 'MC_Site', geographically placed along the GMT line, is automatically created as a part of the Mission Control startup. The default Site can be changed from the General Settings section in the Admin menu.

Proxy Management in Mission Control supports:

  • Central management of all proxies.
  • Automatic migration of existing JFrog service proxies to the Proxy Management tab.
  • Several types of network proxies including NTLMv2 (when running on Linux you may use NTLMv2 only with CNTLM).

To simplify configuring multiple proxies, admins can define the proxies and proxy pairing in the Proxy Config tab in the Admin section. Proxy pairing sets the data flow from the Source site to the Destination site through the selected site proxy.

Distribution Enterprise+ Scenario 

Distribution relies on Mission Control to get topology information of which Edge nodes and Artifactory services to connect to. 

In the following example, Distribution and an Artifactory are configured on Site 1 and need to send release bundles to two Edge sites - Sitev2 and Sitev3: 

  • Proxy 1 is created on Site1: Dev_Art1. This site includes the Arti1 service and Distribution service. 
  • Proxy 2 is created on Site UK. This site includes Edge1.
  • Proxy 3 is created on Site AU. This site includes Edge2.

The Proxy setup is configured as follows in the Config Proxy section.


Viewing Proxies

Proxies are configured on the site level in the Config Proxy page. Services located on the site are automatically allocated the site proxy.

To view the list of proxies configured, in the Admin module, select Proxy | Config Proxy.

Proxy List

Creating a Proxy

  1. To create a new proxy, click Add Proxy and specify the basic site settings and credentials.

    Name: A logical name for this proxy.
    URL: The proxy URL. Note: A URL associated with a service should not be used as a proxy URL.
    User Name: A user name required to access the proxy server (optional).
    Password: The password required to access the proxy server (optional).
  2. Click Add Site Pair and select the source and target sites to pair.

Configuring an NTLM Proxy

Mission Control supports several types of network proxies including NTLMv2. When running on Linux, you may want to use NTLMv2 with CNTLM.

NTLM Authorization Proxy Server (APS) is proxy software that allows you to authenticate via a Microsoft Proxy Server using the proprietary NTLM protocol.

NTLM is supported by running an ad-hoc CNTLM container like https://hub.docker.com/r/robertdebock/docker-cntlm/

Configure an NTLM Proxy

  1. Run the container to hash the NTLM credentials.

    docker run robertdebock/docker-cntlm /bin/sh -c "echo Password <PASSWORD> > /etc/cntlm.conf; \
     /usr/sbin/cntlm -H -u <USERNAME> -d <DOMAIN>"

    The following output is generated:

    PassLM 1AD35398BE6565DDB5C4EF70C0593492
    PassNT 77B9081511704EE852F94227CF48A793
    PassNTLMv2 B78FD04127AEDF090C1F7121ED002A4D # Only for user 'username', domain 'domain'
  2. Run the container with the hashed credentials.

    docker run -e "USERNAME=username" -e "DOMAIN=mydomain" -e "PASSNTLMV2=B78FD04127AEDF090C1F7121ED002A4D" \
     -e "PROXY=<PROXY_URL:PORT>" -p 3128:3128 -d robertdebock/docker-cntlm

In Mission Control, open the Admin module, select Proxy | Config Proxy, and create a proxy with the following parameters.

Note that the credentials are not required because they are handled by CNTLM.
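
A hardened variant of the two steps above, as an added example (not JFrog's or the image author's code): the password and the resulting hash are passed through the environment instead of the command line, and the CNTLM port is published on loopback only. The function names and the `CNTLM_PASSWORD` variable are assumptions; the image and the `USERNAME`, `DOMAIN`, `PASSNTLMV2` and `PROXY` variables are the ones used on this page. It assumes the image runs a supplied command as in step 1 and that Mission Control runs on the same host as the container.

```shell
#!/usr/bin/env bash
# Added example: hardened variant of the two CNTLM steps on this page.
IMAGE=robertdebock/docker-cntlm

# Extract the PassNTLMv2 value from `cntlm -H` output read on stdin.
# Fails (non-zero status) if no well-formed 32-hex-digit hash is present.
extract_ntlmv2_hash() {
  awk '$1 == "PassNTLMv2" && length($2) == 32 && $2 !~ /[^0-9A-Fa-f]/ {
         print $2; found = 1; exit
       }
       END { if (!found) exit 1 }'
}

# Step 1: hash the credentials. The password is read without echo and handed
# to the container through the environment, so it does not end up in shell
# history or in the host's process list.
hash_ntlm_credentials() {  # usage: hash_ntlm_credentials USER DOMAIN
  local CNTLM_PASSWORD
  read -r -s -p "Proxy password: " CNTLM_PASSWORD; echo >&2
  CNTLM_PASSWORD="$CNTLM_PASSWORD" docker run --rm -e CNTLM_PASSWORD "$IMAGE" \
    /bin/sh -c 'umask 077
      printf "Password %s\n" "$CNTLM_PASSWORD" > /etc/cntlm.conf
      /usr/sbin/cntlm -H -u "$1" -d "$2"' sh "$1" "$2" | extract_ntlmv2_hash
}

# Step 2: start CNTLM. The NTLM hash can be used to authenticate as that
# user/domain, so it is passed by environment as well. The port is published
# on 127.0.0.1 only (assumption: Mission Control runs on this host) rather
# than on every interface as with a bare "-p 3128:3128".
start_cntlm() {  # usage: start_cntlm USER DOMAIN HASH PROXY_HOST:PORT
  USERNAME="$1" DOMAIN="$2" PASSNTLMV2="$3" PROXY="$4" \
    docker run -d -e USERNAME -e DOMAIN -e PASSNTLMV2 -e PROXY \
      -p 127.0.0.1:3128:3128 "$IMAGE"
}

# Typical use (placeholders as on this page):
#   hash=$(hash_ntlm_credentials username mydomain) &&
#     start_cntlm username mydomain "$hash" "<PROXY_URL:PORT>"
```

The hash remains readable through `docker inspect` by anyone with access to the Docker daemon on that host, so access to the daemon should be limited accordingly.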

Migrating Proxies 

From Mission Control 3.2, proxies previously configured on the Service level are automatically migrated to the Site level. Proxies configured in Mission Control enable communication between services and are now dependent on the site on which the service is located. During Mission Control startup, the proxy configuration is automatically migrated to reflect the right Site pair according to the following rules:

  1. The source site for the proxy is automatically set to the Mission Control site. Initially, this is the default Site (MC_Site), which can later be changed in the Admin section to the valid site.
  2. If a service uses a proxy and has a site, the proxy site pair will refer to the Mission Control site as the source and service site as the destination.
  3. If no proxy is required to connect to a service, the service will be assigned by default to the Mission Control site. 
  4. If a service uses a proxy and doesn't have a site, a new site may be created and assigned to the service and the proxy Site pair has Mission Control Site as source and Service's Site as the destination.
  5. If a proxy has been configured, but not associated with any service, the configuration will remain as is.

Sites created as a part of migration can be updated at any time on the Service level or in the Admin section.  

REST API

Mission Control supports managing Proxies through the REST API.  
